Privacy Policy

How Trificta collects, uses, and protects your personal information.

Last updated: April 2026  ·  ABN: 34 644 855 158  ·  Applies to: trificta.com.au and all Trificta services

1. About This Policy

Trificta Pty Ltd ("Trificta", "we", "us", or "our") is committed to protecting the privacy of individuals who interact with us. This Privacy Policy explains how we collect, hold, use, and disclose personal information in accordance with the Privacy Act 1988 (Cth), the thirteen Australian Privacy Principles (APPs) contained in Schedule 1 of that Act, and the Notifiable Data Breaches scheme under Part IIIC of the Act.

Where we provide services to clients in the European Union, we also take reasonable steps to meet the requirements of the EU General Data Protection Regulation (GDPR) in respect of the personal data we handle on their behalf.

By using our website or engaging our services, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use our website or services.

2. What Personal Information We Collect

We may collect the following types of personal information:

Contact and identity information

  • Name (first and last)
  • Email address
  • Phone number
  • Company name and job title
  • Postal or business address

Technical and usage information

  • IP address and browser type
  • Pages visited and time spent on our website
  • Referring website or search terms
  • Device type and operating system

Business and service information

  • Information provided in enquiries, contact forms, or support requests
  • Details relevant to the delivery of our ICT services
  • Communication records (email, phone notes)

Sensitive information

We do not deliberately collect "sensitive information" as defined in section 6 of the Privacy Act (which includes health information, racial or ethnic origin, political opinions, religious beliefs, sexual orientation, criminal record, and similar categories). In the rare event a client engagement requires us to handle such information, we will only do so with the individual's express consent and with additional safeguards appropriate to the category under APP 3.3.

3. How We Collect Personal Information

We collect personal information in a number of ways, including:

  • When you complete the contact form on our website
  • When you email or call us directly
  • When you engage us to provide services
  • When you apply for a position at Trificta
  • Through cookies and website analytics tools (see section 8)
  • From publicly available sources (e.g. LinkedIn, company websites)

We will only collect personal information by lawful and fair means. Where practicable, we collect personal information directly from the individual concerned.

4. Why We Collect and Use Personal Information

We collect and use personal information for the following purposes:

  • To respond to enquiries and provide requested information
  • To deliver and manage our ICT services to clients
  • To communicate about projects, service updates, and support
  • To process job applications and manage recruitment
  • To comply with legal obligations
  • To improve our website and service offerings
  • To send relevant business communications (with your consent where required)

We will not use or disclose your personal information for purposes other than those described above without your consent, unless required or authorised by law.

5. Disclosure of Personal Information

We may disclose your personal information to:

  • Our employees and contractors who need it to perform their duties
  • Technology partners and subcontractors involved in delivering our services
  • Professional advisers (legal, financial, accounting)
  • Government or regulatory authorities where required by law

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

Overseas disclosure (APP 8)

Some of the third-party platforms we use to run our business and deliver services are hosted outside Australia. The overseas recipients we currently rely on are located in:

  • Australia — Microsoft Azure (Australia East & Australia Southeast regions) for client workloads and our own business systems.
  • United States — Formspree (contact form submissions), GitHub (source-control and CI), and Google Workspace / Microsoft 365 where client tenants are US-resident.
  • European Union — Formspree fall-back processing; Azure Static Web Apps CDN edges.

Where we disclose personal information to these recipients we take reasonable steps to ensure they handle it in accordance with the Australian Privacy Principles or a substantially similar regime. Our standard contractual terms with processors require compliance with the APPs and, where relevant, the GDPR.

6. Data Security and the Notifiable Data Breaches scheme

We take reasonable steps under APP 11 to protect personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure. Our security measures include:

  • TLS 1.2+ encryption in transit for all website traffic and client integrations
  • Encryption at rest for systems that store personal information
  • Role-based access controls, multi-factor authentication, and least-privilege service accounts
  • Regular patching, vulnerability scanning, and staff security awareness training
  • Logging and monitoring of access to systems containing personal information
  • Secure destruction or de-identification of information that is no longer required

If Trificta becomes aware of a data breach that is likely to result in serious harm to an affected individual, and we are unable to remediate the breach before that harm occurs, we will comply with the Notifiable Data Breaches scheme under Part IIIC of the Privacy Act. This means we will notify the Office of the Australian Information Commissioner (OAIC) and each affected individual as soon as practicable, with the information required by section 26WK of the Act.

No method of transmission over the internet is completely secure. While we apply the safeguards above, we cannot guarantee absolute security of information transmitted to us online.

7. Data Retention

We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Typical retention periods are:

  • Website enquiries and contact-form submissions — 24 months from last contact, then deleted unless converted into an active client engagement.
  • Client business records (contracts, invoices, project documentation) — 7 years from end of engagement, to meet Corporations Act and ATO record-keeping obligations.
  • Unsuccessful job applications — 12 months from the date of application, then deleted (we may ask for consent to keep your details on file for longer).
  • Employee records — for the duration of employment and 7 years afterward, as required by the Fair Work Act and related regulations.
  • Website analytics (aggregate, non-identifying) — retained indefinitely; personally-identifying logs (IP addresses) are rotated out after 90 days.

When personal information is no longer needed for any purpose permitted by APP 11.2, we take reasonable steps to destroy or de-identify it.

8. Cookies and Website Analytics

Our website uses a small number of cookies and similar browser storage mechanisms, grouped by purpose:

  • Strictly necessary — session-level tokens used by the contact form to submit without reload (Formspree CSRF token). These cannot be disabled without breaking the form.
  • Preferences — local storage entries that remember UI state (e.g. "reduce motion" respected, mobile navigation drawer state). No identifying information.
  • Analytics — at the time of writing we do not run any third-party analytics tools on this website. If we introduce analytics in the future, this policy will be updated to name the vendor and you will be given a clear opt-out.

You can configure your browser to refuse cookies or alert you when cookies are being sent. Disabling cookies may affect some functionality of the website — in particular, the contact form.

8A. Direct Marketing (APP 7)

We do not send unsolicited marketing messages. If, in the course of a business engagement, we send you service updates or information relevant to your account, you can unsubscribe at any time by replying to that message or emailing sales@trificta.com.au. We will action opt-outs within five business days, consistent with the Spam Act 2003 (Cth).

9. Accessing and Correcting Your Personal Information

You have the right to request access to the personal information Trificta holds about you, and to request that we correct any inaccurate, out-of-date, or incomplete information. To make such a request, please contact us using the details in section 11.

We will respond to access requests within a reasonable timeframe. In some circumstances we may be unable to provide access (for example, where it would unreasonably impact the privacy of another individual), and we will advise you of the reasons.

10. Complaints

If you believe Trificta has handled your personal information in a way that breaches the Australian Privacy Principles, you may make a complaint by contacting us using the details below. We will acknowledge your complaint within 7 days and provide a substantive response within 30 days, as required by OAIC guidance.

If you are not satisfied with our response, or if we have not responded within 30 days, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

  • Online: www.oaic.gov.au/privacy/privacy-complaints
  • Phone: 1300 363 992
  • Post: GPO Box 5218, Sydney NSW 2001

11. Contact Us

For any privacy-related questions, requests, or complaints, please contact us:

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal obligations. The current version will always be available at trificta.com.au/privacy.html. We encourage you to review this policy periodically.